Mozilla 1024-Bit Cert Deprecation Leaves 107000 Sites Untrusted
Mozilla team have got advised from many of the important organisation to implement 2048-bit keys or higher for the security purpose. Along with Mozilla, Microsoft have also made a changes to its certificate key length and Google is also to followed this.
Regarding the moves to the upgrade version of the digital certificates Paid7 team have published a report yesterday, which states that about 107,000 sites will affected by Mozilla's change. Project Sonar indexes close to 20 million websites, and the scan listed 107,535 sites using a cert signed by what will soon be an untrusted CA certificate, half a percent of the websites in the Project Sonar database. Grouping those 107,000-plus sites by certificate expiration date, the results show that 76,185 certificates had expired as of Aug. 25; of the 65 million certificates in the total scan, 845,599 had expired but were still in use as of Aug. 25, Moore said.
Moore said that with this Mozilla's change, all major browser will alert users for the expired certificate. Totally 30,000 sites will not expire out of 107,000 sites.
“Users can choose to ignore an expired certificate in most browsers, but the dialogs presented to the user look similar to any other invalid certificate. Unfortunately, most people will click through anyway.” - he added.Along with this, Google Chrome is the another popular browser and Google will soon remove old certificates. With some of the sources its says that, Google Chromium project [Chrome's open source base] developers want to remove 1024-bit CA certificates as soon as possible, but are still concerned about the number of web sites that would be affected.